PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54192 Ays Pro CVE debrief

CVE-2026-54192 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in the Popup box plugin, versions <= 6.2.9. It has a CVSS score of 7.1 and was published on 2026-06-17. An attacker does not need to be authenticated to carry out the XSS attack. Users of the affected plugin should act immediately to mitigate the risk. The CVE record and NVD detail provide further information, and Patchstack has provided a mitigation reference.

Vendor: Ays Pro
Product: Popup box
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of the Popup box plugin, versions <= 6.2.9, should take the necessary actions to mitigate the risk. Web application security teams and cybersecurity professionals should also be aware of this vulnerability and monitor for potential attacks.

Technical summary

CVE-2026-54192 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in the Popup box plugin, versions <= 6.2.9. It has a CVSS score of 7.1 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The weakness is classified as CWE-79. Per the vector, the attack is network-reachable and requires no privileges (PR:N), but it does require user interaction (UI:R).

Defensive priority

high

Recommended defensive actions

  • Update the Popup box plugin to a version greater than 6.2.9
  • Implement additional security measures to detect and prevent XSS attacks
  • Monitor web application logs for potential attacks
  • Use a web application firewall to detect and prevent attacks
  • Perform regular security audits and vulnerability assessments
  • Educate users on the risks of XSS attacks and how to prevent them

Evidence notes

The vulnerability was reported by Patchstack and is classified as high severity. The CVE record and NVD detail provide further information.
